内容简介:本文风哥教程参考Linux官方文档、Red Hat Enterprise Linux官方文档、Ansible Automation Platform官方文档、Docker官方文档、Kubernetes官方文档和Podman官方文档等内容,详细介绍了相关技术的配置和使用方法。
本文档详细介绍Postfix邮件服务器的安装、配置和管理方法。
Part01-Postfix安装
1.1 安装Postfix服务
$ sudo dnf install -y postfix
Last metadata expiration check: 0:45:23 ago on Thu 03 Apr 2026 23:00:15 AM CST.
Package postfix-3.5.9-24.el9.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
# 启动Postfix服务
$ sudo systemctl start postfix
# 设置开机自启动
$ sudo systemctl enable postfix
Created symlink /etc/systemd/system/multi-user.target.wants/postfix.service → /usr/lib/systemd/system/postfix.service.
# 查看服务状态
$ sudo systemctl status postfix
● postfix.service – Postfix Mail Transport Agent
Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; preset: enabled)
Active: active (running) since Thu 2026-04-03 23:00:00 CST; 10s ago
Process: 12362 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
Process: 12363 ExecStartPost=/bin/sh -c id postfix 2>/dev/null || { /usr/sbin/groupadd -g 89 -r postfix 2>/dev/null; /usr/sbin/useradd -r -g postfix -u 89 -d /var/spool/postfix -s /sbin/nologin postfix 2>/dev/null; } (code=exited, status=0/SUCCESS)
Process: 12364 ExecStartPost=/usr/sbin/postfix check (code=exited, status=0/SUCCESS)
Main PID: 12435 (master)
Tasks: 3 (limit: 49152)
Memory: 5.5M
CPU: 50ms
CGroup: /system.slice/postfix.service
├─12435 /usr/libexec/postfix/master -w
├─12436 pickup -l -t unix -u
└─12437 qmgr -l -t unix -u
Apr 03 23:00:00 rhel10 systemd[1]: Starting Postfix Mail Transport Agent…
Apr 03 23:00:00 rhel10 postfix/master[12435]: daemon started — version 3.5.9, configuration /etc/postfix
Apr 03 23:00:00 rhel10 systemd[1]: Started Postfix Mail Transport Agent.
# 配置防火墙(本文未修改 master.cf;若其中未启用 smtps/submission 服务,对应端口不会监听,也就不必放行,只开放实际使用的端口)
$ sudo firewall-cmd --permanent --add-service=smtp
success
$ sudo firewall-cmd --permanent --add-service=smtps
success
$ sudo firewall-cmd --permanent --add-service=smtp-submission
success
$ sudo firewall-cmd --reload
success
# 测试邮件发送
$ echo "Test email" | mail -s "Test Subject" user@localhost
Part02-Postfix配置文件
2.1 配置main.cf
$ sudo cp /etc/postfix/main.cf /etc/postfix/main.cf.bak
# 编辑主配置文件(注意:下面的 tee 会整体覆盖 main.cf;mynetworks 中列出的网段会通过 permit_mynetworks 免认证中继,只应填写确实可信的地址)
$ sudo tee /etc/postfix/main.cf << EOF
# 基本配置
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
# 主机配置
myhostname = mail.fgedu.net.cn
mydomain = fgedu.net.cn
myorigin = \$mydomain
inet_interfaces = all
inet_protocols = ipv4
mydestination = \$myhostname, localhost.\$mydomain, localhost, \$mydomain
# 网络配置
mynetworks = 127.0.0.0/8, 192.168.1.0/24
relay_domains = \$mydestination
# 邮箱配置
home_mailbox = Maildir/
mail_spool_directory = /var/mail
# SMTP配置
smtpd_banner = \$myhostname ESMTP
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
# SASL认证配置
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = \$myhostname
broken_sasl_auth_clients = yes
# TLS配置
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.crt
smtpd_tls_key_file = /etc/pki/tls/private/mail.key
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:\$data_directory/smtpd_scache
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:\$data_directory/smtp_scache
# 邮件大小限制
message_size_limit = 10485760
mailbox_size_limit = 1073741824
# 别名配置
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
# 调试配置
debug_peer_level = 2
debugger_command =
  PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
  ddd \$daemon_directory/\$process_name \$process_id & sleep 5
EOF
# 检查配置语法
$ sudo postfix check
# 重启服务
$ sudo systemctl restart postfix
Part03-配置SMTP认证
3.1 配置SASL认证
$ sudo dnf install -y cyrus-sasl cyrus-sasl-plain
# 启动SASL服务
$ sudo systemctl enable --now saslauthd
# 配置SASL
$ sudo tee /etc/sasl2/smtpd.conf << EOF
pwcheck_method: saslauthd
mech_list: plain login
EOF
# 创建邮件用户
$ sudo useradd -m -s /bin/bash user1
$ sudo passwd user1
Changing password for user user1.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
# 测试SMTP认证(注意:-p 后的口令会留在 shell 历史中,并可被同机其他用户通过进程列表看到,仅对测试账号这样做)
$ testsaslauthd -u user1 -p password
0: OK "Success."
# 配置Postfix使用SASL
$ sudo postconf -e 'smtpd_sasl_auth_enable = yes'
$ sudo postconf -e 'smtpd_sasl_security_options = noanonymous'
$ sudo postconf -e 'smtpd_sasl_local_domain = $myhostname'
# 重启服务
$ sudo systemctl restart postfix
# 测试SMTP连接
$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.fgedu.net.cn ESMTP
EHLO localhost
250-mail.fgedu.net.cn
250-PIPELINING
250-SIZE 10485760
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
QUIT
221 2.0.0 Bye
Connection closed by foreign host.
Part04-配置TLS加密
4.1 配置SSL证书
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/pki/tls/private/mail.key \
-out /etc/pki/tls/certs/mail.crt \
-subj "/C=CN/ST=Beijing/L=Beijing/O=Example/CN=mail.fgedu.net.cn"
Generating a RSA private key
……………….+++++
…………+++++
writing new private key to '/etc/pki/tls/private/mail.key'
-----
# 设置证书权限
$ sudo chmod 600 /etc/pki/tls/private/mail.key
$ sudo chmod 644 /etc/pki/tls/certs/mail.crt
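# 配置Postfix使用TLS(security_level = may 只是机会性加密;前面 telnet 的 EHLO 输出中,AUTH PLAIN LOGIN 在未加密的连接上就已提供,建议同时设置 smtpd_tls_auth_only = yes,使认证只在 TLS 连接上进行)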
$ sudo postconf -e 'smtpd_tls_security_level = may'
$ sudo postconf -e 'smtpd_tls_cert_file = /etc/pki/tls/certs/mail.crt'
$ sudo postconf -e 'smtpd_tls_key_file = /etc/pki/tls/private/mail.key'
$ sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
$ sudo postconf -e 'smtpd_tls_session_cache_database = btree:$data_directory/smtpd_scache'
$ sudo postconf -e 'smtp_tls_security_level = may'
$ sudo postconf -e 'smtp_tls_session_cache_database = btree:$data_directory/smtp_scache'
# 重启服务
$ sudo systemctl restart postfix
# 测试TLS连接
$ openssl s_client -connect localhost:25 -starttls smtp
CONNECTED(00000003)
depth=0 C = CN, ST = Beijing, L = Beijing, O = Example, CN = mail.fgedu.net.cn
verify error:num=18:self signed certificate
verify return:1
depth=0 C = CN, ST = Beijing, L = Beijing, O = Example, CN = mail.fgedu.net.cn
verify return:1
—
Certificate chain
0 s:C = CN, ST = Beijing, L = Beijing, O = Example, CN = mail.fgedu.net.cn
i:C = CN, ST = Beijing, L = Beijing, O = Example, CN = mail.fgedu.net.cn
—
Server certificate
-----BEGIN CERTIFICATE-----
MIIDXTCCAkWgAwIBAgIJALmVVuSWB6qVMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
…
-----END CERTIFICATE-----
subject=C = CN, ST = Beijing, L = Beijing, O = Example, CN = mail.fgedu.net.cn
issuer=C = CN, ST = Beijing, L = Beijing, O = Example, CN = mail.fgedu.net.cn
—
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: ECDH, P-256, 256 bits
—
SSL handshake has read 1589 bytes and written 414 bytes
Verification error: self signed certificate
—
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 18 (self signed certificate)
—
250 DSN
QUIT
DONE
Part05-邮件服务器管理
5.1 管理邮件队列
$ sudo mailq
Mail queue is empty
# 查看队列详情
$ sudo postqueue -p
Mail queue is empty
# 强制发送队列中的邮件
$ sudo postqueue -f
# 删除队列中的邮件(注意:ALL 会删除所有队列中的全部邮件且无法恢复;只删除单封邮件时改用 postsuper -d 队列ID)
$ sudo postsuper -d ALL
# 查看邮件日志
$ sudo tail -f /var/log/maillog
Apr 3 23:05:00 rhel10 postfix/smtpd[12365]: connect from localhost[127.0.0.1]
Apr 3 23:05:00 rhel10 postfix/smtpd[12365]: disconnect from localhost[127.0.0.1] ehlo=1 quit=1 commands=2
# 测试邮件发送
$ echo "Test message body" | mail -s "Test Subject" -r user1@fgedu.net.cn user2@fgedu.net.cn
# 查看用户邮箱
$ ls -l /home/user1/Maildir/new/
total 4
-rw-------. 1 user1 user1 1234 Apr 3 23:05:00 1234567890.V800I123456.mail.fgedu.net.cn
# 查看邮件内容
$ cat /home/user1/Maildir/new/1234567890.V800I123456.mail.fgedu.net.cn
Return-Path:
X-Original-To: user1@fgedu.net.cn
Delivered-To: user1@fgedu.net.cn
Received: from mail.fgedu.net.cn (localhost [127.0.0.1])
by mail.fgedu.net.cn (Postfix) with ESMTP id ABC123
for
Subject: Test Subject
From: user2@fgedu.net.cn
To: user1@fgedu.net.cn
Date: Thu, 03 Apr 2026 23:05:00 +0800
Test message body
1. 配置DNS MX记录指向邮件服务器
2. 启用SMTP认证防止滥用
3. 配置TLS加密提高安全性
4. 设置合理的邮件大小限制
5. 定期检查邮件日志
本文由风哥教程整理发布,仅用于学习测试使用,转载注明出处:http://www.fgedu.net.cn/10327.html
